shopify-agent-discount

SUSPICIOUS. The skill’s install sources are mostly same-org/offical, but its actual footprint is mismatched to its purpose: a Shopify discount checker should not normally require generating an Ethereum private key, storing it locally, and registering a wallet-backed agent. No confirmed credential theft is shown, yet the crypto-based auth flow, broad shell permissions, and credential forwarding to local code make the skill higher risk than its description implies.